Does anybody know if it's required to remove CDN links (such for Google fonts, cdnjs, etc.) and host all assets locally instead unless consent is given? Assets from CDNs are required for a site to function; what's not required is to send `Referer:` so maybe it's sufficient to set a referrer-policy.
I wonder the same. Would I need the web visitor's consent for loading a reCaptcha to verify they're indeed human?
Google fonts is just one of the many font libraries. For example, most web font licenses at myfonts.com don't permit webmasters to self host them. Bypassing the HTTP referer download protection, downloading them and then self hosting the font files could lead to significant legal problems.
